This morning’s Irish Times reports on a change to a Health Service Executive policy I never knew existed. Until now, Irish hospitals provided members of the clergy with access to patient admission records. This practice, the article reports, “has been stopped by recent data protection legislation.”
I was surprised by the reference in the article to “recent data protection legislation” and “new legislation”. The main Irish legislation in this area is the Data Protection Act 1988. It was amended in 2003. There are a number of regulations affecting those Acts but the most recent relates only to the Director of Corporate Enforcement.
So, is the new legislation referred to the 8 year old act or the 23 year old one?
The truth is, one might reasonable speculate, that the consequences of long-standing legislative requirements have recently been considered by the HSE and they changed their policy accordingly. [I since found that the Offaly Independent reported on this story last Friday, without any indication that the legislative requirement which led to the policy change was new or recent.]
Information on an individual’s health is sensitive personal data for the purposes of the Acts and is the category of personal information that is subject to the strongest protections.
The Data Protection Commissioner has published a guidance note on the application of the Acts to the health sector. That note begins with the following, non-legislative point:
The confidentiality of patient records forms part of the ancient Hippocratic oath, and is central to the ethical tradition of medicine and health care.
It goes on to say that
Given the immense sensitivity of health-related information, it is imperative that professionals in this sector be clear about their use of personal data.
This recent, very much belated, change of policy by the HSE suggests that the organisation may have some distance to travel in this regard.
A Clatter of the Law 
At the Health Informatics Society of Ireland conference last year, Gary Davis (Deputy DPC) made reference to the findings of an audit that they had conducted in the healthcare sector.
The report hasn’t been published yet but apparently some “issues” have been identified. I suspect this is part of the response.
Very interesting if somewhat worrying article.
Maybe it is naive, but there must be some bone fide rational for the practise. If such a noble foundation exists, there must be some scope for accomidating this within the data protection framwork. It must be equally wrong to throw the baby out with the bath water…
Rossa
Thanks for a very interesting commentary on this issue. Another one that I have often pondered is the maintenance of school, parochial and diocesan records by the church.
In the context of countmeout.ie and the church refusing to grant requests to leave the church I was wondering if one could use the DP acts to require deletion of one’s personal data from the records of the church in particular the babtismal register.
But it raises a bigger issue, the church collects and controls a lot of personal data via its ownership of schools, churches and hospitals and much of that data is of interest for genealogical and historical research reasons.
On the other hand the church is subject to the DP acts so should it be required to delete personal data when it is no longer needed or upon request from a data subject.
Any thoughts?
Fred: I suspect that the areas you refer to are, in data protection terms, likely to be a mess. A lot of different organsations are involved who are likely to have different, and no, policies in place.
In relation to CountMeOut.ie, I think the Church’s position is that one cannot leave the Church in the sense of membership but I don’t know whether they will always hold records etc. A section 6 request of deletion require contravention of the Acts (that might not be difficult to establish if, as suggested by you, they have no valid reason to retain the data).
It might also be possible to argue that the Church should not process any such personal data as it would cause distress to the data subject (section 6A).
Niall: If you meant that this development is worrying from the clerical point of view, unfortunately for them the Acts are not subject to a “nobility exemption”.
Looking at the situation objectively, clergy members wish to gain access to patient data in order to provide those patients with a service. If this access were available to the clergy, why should it not also be available to solicitors who might like to see if any of their clients or potential clients have been admitted?
I value your blog. This is in place of what I purchase been looking for. Send register, and I give hard asunder back. peradventure you can clinch quantity a recapitulate?my pcb assembly blog too. The ready my English anomalous no good. Sorry, me English sucks I know.